Ransomware on the rise. And one in five companies ready to pay the ransom

Despite the unstoppable growth of intrusions, 41% of organizations have no plans to increase their security spending. Cloud and smart working increase the risks. The photograph taken from the 2022 edition of the Thales Data Threat Report

08 Apr 2022 F. Me

Ransomware intrusions do not stop and more and more companies - 22% globally - are willing to pay for their data back. This was revealed by the 2022 edition of Thales' Data Threat Report, according to which despite the greater impact of ransomware, 41% of organizations have no intention of changing their spending on security, despite the unstoppable growth of cyber threats. Furthermore, only less than half of enterprises (48%) have implemented a formal plan for ransomware. The response of the various sectors was different: 57% of respondents from the health sector admitted that they have a formal plan for ransomware, while the energy sector is the least prepared (44%), despite both having experienced significant breaches in the last twelve months . Index of topics • The Data Visibility challenge • Compliance threats and challenges • The Cloud increases the risk • The impact of remote work • Threats on the horizon The Data Visibility challenge As more companies embrace multi cloud strategies and hybrid work remains the norm, IT leaders continue to be challenged by the dispersion of data in their organizations and find it increasingly difficult to locate it. Just over half (56%) of IT leaders described themselves as very confident or with complete knowledge of where their data is stored, down from 64% a year earlier, and just a quarter (25%) stated that they were able to classify all their data.

Throughout 2021, security incidents remained high, with nearly a third (29%) of businesses experiencing a breach in the past 12 months. Additionally, nearly half (43%) of IT leaders admitted to failing a compliance audit. Globally, IT leaders have cited malware (56%), ransomware (53%) and phishing (40%) as the main causes of security attacks. Managing these risks is an ongoing challenge, as recognized by half (45%) of IT leaders who report an increase in the volume, severity and / or scale of cyberattacks in the past 12 months. The Cloud increases the risk Cloud adoption is growing: more than a third (34%) of respondents said they use more than 50 Software as a Service (SaaS) applications, while 16% used more than 100. However, 51 % of IT leaders agreed that managing privacy and data protection regulations in a cloud environment is more complex than on-premises networks within their organization, up from 46% last year. The 2022 Data Threat Report also revealed significant momentum among companies to store data in the cloud, with 32% of respondents saying roughly half of their workloads and data reside in external clouds, and a quarter ( 23%) which indicates more than 60%. However, 44% reported having experienced a breach or failed an audit in their cloud environments. Furthermore, the use of encryption to protect sensitive data is low: only half of respondents (50%) reveal that more than 40% of their sensitive data has been encrypted, while a fifth (22%) has encrypted more than 60%. This represents a significant and ongoing risk for companies. The impact of remote work Another year of remote work has shown that managing security risks is proving to be a significant challenge for companies. Alarmingly, most companies (79%) are still concerned about the security risks and threats remote working brings. Only half of IT leaders (55%) reported having implemented multi-factor authentication (MFA), an unchanged percentage from the previous year. Threats on the horizon However, the report also highlighted a significant diversity of technology spending priorities - suggesting they are serious about addressing complex threat environments. A quarter (26%) said cloud security tools are their top future spending priority. Additionally, a similar number of IT leaders (25%) said they prioritize key management, with Zero Trust as the key strategy at 23%. IT leaders are also increasingly aware of the challenges ahead. Looking ahead, when asked to identify security threats stemming from quantum computing, 52% said they were concerned about "tomorrow's decryption of today's data," a concern that is likely to be intensified by growing complexity of cloud environments. “As the pandemic continues to affect both our businesses and our personal lives, any expectations of a 'return' to pre-pandemic conditions have vanished. Teams around the world continued to face challenges to protect their data, our findings indicate that urgent action is needed by companies to develop more robust cybersecurity strategies - explains Sebastien Cano, Senior Vice President of Cloud Protection and Licensing activities in Thales - The attack surface, as well as the resource management challenges, are only set to increase in the next year, and it is imperative that companies implement a solid security strategy based on Discovery, Protection and Control " .


The fact that companies do not want to spend safely is due both to the poor cyber culture of managers and CEOs, as described in other articles, and because many proposed solutions are sold as effective and are not lacking essential requirements. Then others need specialized personnel that do not exist in companies, and unfortunately we must add that often employee infidelity causes enormous damage. The rubber wall that the exhibitors made for us at the trade fairs in which we participated testifies that everyone pulls the water on his mill and there is no common front against the enemy. Perhaps it was conceptually difficult to identify as the "enemy" of Nice Guys who violate our intimacy and sensitive sucking joints. Now that the "enemy" is in danger of shitting you, I adopt an atomic bomb, I hope everyone understands that to win a war you need the best weapons. And in the field of cyber defense, our solutions are at the forefront, as described in other articles on this site.